Today's Practice P4: Perimeter Protection, Patch & Pray isn't Convergent with The Threat

It's about learning from biology and societies how to design secure, adaptive and resilient systems.

Humans Have Two Immune Systems: Innate and Adaptive

Innate (neutrophils, macrophages, dendritic cells, natural killer (NK) cells): Fast, but inflexible, covers fixed sets of pathogens that are always present. Supports the adaptive immune system.

Adaptive (CD3/CD4 T cell, CD3/CD8 T cell, B cells): Slower, learns to recognize new sets of pathogens, distinguishes self from non-self, retains memory to guard against future attacks.

At least 20 - 30% of the body's resources are involved in constant surveillance and containment.

Three Big Problems

1. Systems can be easily penetrated

2. Once penetrated, cleanup is prohibitively expensive, time-consuming, and unpredictable

3. If one system can be penetrated, then nearly all of them can

Mission-oriented Resilient Clouds

Using the power of a computational community to protect massively shared computational infrastructure

[Figure labels: Your Software Lives Here; Modular Data Center Containers; Blade Server; Racks; Network]

Resilient Clouds: A Community that uses the Network as a Defensive Amplifier

TODAY

Acting as individuals makes the enterprise weaker than the sum of its parts

• "Box" Oriented

• Vulnerable Components

• Static Sitting Duck

• Shared Vulnerabilities

• Implicit Trust is Amplifier

RESILIENT CLOUDS (CRASH++)

Acting as a community makes the enterprise stronger than the sum of its parts

• Mission Optimized

• CRASH-worthy components

• Moving Target

• Resilience through Diversity

• Collective Diagnosis is Damper

Resilient Clouds Technology Areas

Combined Goal of CRASH & Resilient Clouds

Cyber-Mission Resilience

Resilient Clouds Technologies

For more info see: http://tinyurl.com/68w9wpf

Information flow

Control flow

Secure Computer Systems

CRASH

Clean-slate design of Resilient, Adaptive, Secure Hosts

CRASH Applies Biological Principles to Computation

Innate Immunity:
New hardware & operating system architectures that eliminate all common technical vulnerabilities

Adaptive Immunity
Middleware that:

• Diagnoses root causes of vulnerabilities and builds situational assessment

• Quickly adapts & reconfigures

• Learns from previous attacks and gets better at self-protection

Population Diversity
Computational techniques that:

• Increase entropy in time and space

• Make every system unique

• Raise work factor of attacker for each system

Innate Immunity: An Example Hardware Solution

Software and hybrid solutions are also possible (e.g. PROCEED)

Adaptive Immunity

1. Hardware analog of innate immune system detects anomaly

2. Software system analog of adaptive immune system is signaled

3. System model is used to perform diagnosis (e.g. localization and characterization)

4. System model is adapted with new attack-specific detector

5. Adaptive immune system synthesizes plan to get around problem and patch to remove specific vulnerability

[Diagram label: System Model]

Dynamic Diversity Makes a Single Host Different from Moment to Moment

Address Space Randomization

Code and/or data blocks are periodically repositioned in memory so that the attacker has to work harder to find a target. Garbage-collected memory has this property inherently; new methods may optimize for increased entropy.

Functional Redundancy & Decision Theoretic Dispatch

There are multiple methods for achieving each goal ("n-version programming"). Each distinct method has different qualities of service. Method selection is driven both by preferences over QoS and by need for unpredictability.

Instruction Set Randomization

Code is encrypted as it enters memory and decrypted as it enters the instruction cache (or translation buffer). Injected code in the native instruction set is then encrypted and not executable. The encryption key can be varied by process and time.

[Diagram labels. Disk: Instruction-1 to Instruction-6. Memory: Encrypted-1 to Encrypted-4, Injected-1, Injected-2, Encrypted-5, Encrypted-6. I Cache: Instruction-1 to Instruction-4, Encrypted-1, Instruction-5, Instruction-6.]
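
The instruction set randomization data path on this slide, as an added example that is not part of the original slides: the loader encrypts code as it enters memory and the fetch path decrypts it, so bytes written straight into memory in the native encoding decode to an illegal instruction. The three-opcode machine, the XOR keying, the key values and the names `isr_load`, `isr_run` and `demo` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy native ISA and sample data, all constructed for this example. */
enum { OP_PUSH = 0x01, OP_ADD = 0x02, OP_HALT = 0x03, RUN_FAULT = -1 };
const uint8_t DISK[] = { OP_PUSH, 2, OP_PUSH, 40, OP_ADD, OP_HALT }; /* 2 + 40 */
const uint8_t INJECTED[] = { OP_PUSH, 7, OP_HALT }; /* raw native-encoded bytes */
const uint8_t KEY[] = { 0xA7, 0x3C, 0x5E, 0x91 };   /* per-process key (assumed) */
const uint8_t NOKEY[] = { 0x00 };                   /* XOR with 0: randomization off */

/* Loader: code is encrypted as it enters memory. */
void isr_load(uint8_t *mem, const uint8_t *disk, size_t n, const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++) mem[i] = disk[i] ^ key[i % klen];
}

/* Fetch path: each byte is decrypted on its way to the decoder. Returns the
   top of stack at HALT, or RUN_FAULT on an illegal or malformed instruction. */
int isr_run(const uint8_t *mem, size_t n, const uint8_t *key, size_t klen) {
    int stack[16], sp = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint8_t op = mem[pc] ^ key[pc % klen];
        if (op == OP_PUSH && pc + 1 < n && sp < 16) {
            pc++;                                   /* operand byte follows */
            stack[sp++] = mem[pc] ^ key[pc % klen];
        } else if (op == OP_ADD && sp >= 2) {
            sp--;
            stack[sp - 1] += stack[sp];
        } else if (op == OP_HALT && sp >= 1) {
            return stack[sp - 1];
        } else {
            return RUN_FAULT;                       /* decoded to garbage */
        }
    }
    return RUN_FAULT;                               /* ran off the end of memory */
}

/* Load DISK; if inject != 0, overwrite memory with bytes that bypassed the loader. */
int demo(const uint8_t *key, size_t klen, int inject) {
    uint8_t mem[sizeof DISK];
    isr_load(mem, DISK, sizeof DISK, key, klen);
    if (inject) memcpy(mem, INJECTED, sizeof INJECTED);
    return isr_run(mem, sizeof mem, key, klen);
}

int main(void) {
    printf("legit=%d injected=%d injected_no_isr=%d\n", demo(KEY, sizeof KEY, 0),
           demo(KEY, sizeof KEY, 1), demo(NOKEY, sizeof NOKEY, 1));
    return 0;
}
```

The repeating XOR key stands in for the cipher only to show where encryption and decryption sit; it says nothing about how a real design would key or protect the transform.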

Turn the Tables: Make The Attacker Do The Work

Adaptive Immunity

• Novel Hardware

• Policy Weaving

• Separation OS's

• Automatic Patching

• Information Flow

• Selective Playback

• Formal Methods

• Symbiotes

Dynamic Diversity

• Compiler generated Diversity

• Algorithmic Diversity

• Instruction Set Randomization

An opportunity...

Smartphone > PC shipments within 2 years

Implies very rapid, land grab evolution of internet access

[Chart: Global Unit Shipments of Desktop PCs + Notebook PCs vs. Smartphones, 2005 - 2013E. Series: Desktop PCs, Notebook PCs, Smartphones. Annotation: 2012E: Inflection Point, Smartphones > Total PCs.]

Note: Notebook PCs include Netbooks. Source: IDC, Gartner, Morgan Stanley Research estimates.


Approved for Public Release, Distribution Unlimited.


Our goal...

...is to get CRASH & MRC technologies into your machines.

• If you make computers, operating systems, middleware...

• If you use these and can influence the people who make them

• If you think there's a great startup opportunity

• Then we want to talk with you about how to transition our technologies into the real world.

• Contact us at CrashInquiries@darpa.mil